Junos and all things syslog
This article is about Junos and all things syslog. I'll go over several examples showing you what you can configure under the [ system syslog ] stanza. Parts of the examples I use here are based on what I think can benefit a device running Junos OS. I'll cover logging...
Juniper OSPFv3 IPsec authentication
Though the OSPFv3 protocol does not offer a built-in authentication method, IPsec can be used to secure protocol exchanges between devices running OSPFv3. To authenticate OSPFv3 on a Juniper device, you first start out with the configuration of a Security Association (SA). The SA describes how the devices will communicate...
Juniper MX and RSVP refresh reduction
The past few weeks I have been working on the replacement of several core nodes. After finally installing the last MX, I wanted to revise several configurations that were applied. One of the configurations that I revised was the configuration used in the RSVP stanza. I ‘optimized’ it by implementing RSVP...
Setting up your own vSRX lab
Recently, I’ve been having some fun with the vSRX. I wanted to share the lab I created so others can see how easy it is to get things going with the vSRX. The vSRX doesn’t require a lot of resources and it is a really nice way to get acquainted...
EVPN on Juniper MX and interconnecting Data Centers on layer 2 and 3
After creating a single-homed layer 2 EVPN here, let’s add some layer 3 routing and see in what way EVPN can benefit the datacenter.
But first, have a look at a situation wherein a VPLS is connecting two data centers together:
Basic BGP MPLS-Based Ethernet VPN on Juniper MX
For a while now I wanted to try out EVPN on the MX.
I decided to go for the easiest of scenarios that EVPN has to offer: a single-homed VLAN-based EVPN:
IPFIX configuration example
Turning on IPFIX (IP Flow Information Export) on Juniper MX is a good idea if you want to know what’s going on. Not only can it provide you with a tremendous insight into the traffic traversing your network, you can also use the information provided by IPFIX to automatically divert...
Juniper Virtual Chassis Fabric AE interface
Connecting other parts of the network to the VCF in a redundant way using Link Aggregation Groups (LAG) is very easy. A LAG can combine several Ethernet interfaces into a single logical link called an Aggregate Ethernet (AE) interface. When you are running a VCF, you’d best spread a LAG...
Juniper Virtual Chassis Fabric
Having to deal with a network edge that organically grew as time passed, evolving into an ever more complicated constellation of switches, is frustrating. Looming in the back of my mind were choices made in a past I had no part of. Those choices strained growth and frustrated my attempt...
Site-to-Site IPsec VPN between Huawei AR and Juniper MX
Today I configured an IPsec VPN between a Huawei AR1220F and a Juniper M104. I wanted to keep the configuration around for future reference.
The configuration on a Huawei is rather straightforward. To put the Huawei AR IPsec configuration in a picture:
BIRD BGP filter example
BIRD BGP route-reflector
In this example, a server running BIRD will function as a route-reflector for two MX-routers:
Juniper MX routing engine redundancy
Juniper MX routers, except for the MX80, are capable of having two routing-engines (RE). In this article, I’ll configure an MX480 with some of the high-availability features offered by Junos. By using these features, you can decrease the downtime normally associated with a RE failure to an absolute minimum. Hardware...
MX RSVP firewall filter
Of course, you need to allow RSVP in the firewall filter you are using to protect the routing-engine. The book 'Juniper MX series' covers this in great depth in chapter 4. It offers a very extensive guide or example on how you could go about building a proper firewall filter to...
Installing a bypass LSP into the forwarding table
After covering link-protection and node-link-protection here, I realized that I forgot one aspect. You can make Junos install the pre-signaled bypass LSP into the forwarding table. This is done by configuring a policy and by applying that policy under the [routing-options forwarding-table export ] stanza.
A short example:
Link-protection and node-link-protection on Juniper MX
Protecting LSPs in an MPLS enabled network can save quite some downtime whenever a link or a node in your network fails.
In this article, we’ll go through the configuration of both link-protection and node-link-protection. We’ll configure it for the following scenario:
Link-protection and node-link-protection on Juniper MX - complete configuration
This is the complete configuration used in Link-protection and node-link-protection on Juniper MX and several other articles. The routers in the topology drawing are all logical systems. The routers are running IS-IS. All interfaces are MPLS and RSVP-enabled. Under the RSVP configuration, there are also the ‘aggregate’ and the ‘reliable’...
Fast reroute
Traffic sent across RSVP-signaled LSPs without any additional configuration is susceptible to quite some downtime when a node or a link in the network fails. In a previous article here, I made an LSP more robust by configuring a primary and a secondary LSP. Let’s further enhance the LSP by...
Primary and secondary LSPs for RSVP signaled LSPs
A failure somewhere in the network can cause traffic traversing an RSVP-signaled LSP to drop. Several possibilities exist to reduce the impact a failure can have on RSVP-signaled LSPs. This article is about the creation of a secondary standby path in order to reduce downtime that is incurred upon...
Juniper QFX vlan-swapping
This is a quick and short article on how to perform vlan-swapping on a Juniper QFX5100. I was used to tunneling vlans in a QFX5100 by using the push-operation available through a vlan-map. With this in mind I was struggling to get vlan translation on the QFX5100 working. I was...
Basic RSVP signaled LSP on MX
This article is about the basic configuration on how to get an RSVP signaled MPLS LSP (label-switched path) working on a Juniper MX router.
The focus will be on the minimum amount of configuration needed to create LSPs between the Tiberius and the Commodus router:
Juniper MPLS VPN OSPF sham-link
This is an example on using the OSPF sham link in a BGP signaled MPLS VPN. The scenario is as follows:
Juniper cos notes
These notes cover CoS on Juniper devices. The list of topics covered here corresponds to the JNCIP-SP exam objectives. One objective is missing. I will cover the 'Given a scenario, demonstrate knowledge of how to configure and monitor CoS' objective somewhere else.
Single-rate two-color policer on an EX.
Policing, also known as rate-limiting, can be used as an instrument to control how much traffic is allowed to flow in a certain direction. In Juniper, you can do this by using a policer as an action in a firewall filter. This article is about the configuration of two simple...
Juniper multihomed IP VPN location.
This article offers some insight into how you could decide to build a multihomed Layer 3 IP VPN or Layer 3 MPLS VPN. First I’ll go over the topology.
After this, you will find the PE and CPE configuration. I’ll end with some verification and show commands.
The topology:
QFX5100 802.1Q Tunneling (Q-in-Q)
A QFX5100 allows for dot1q-tunneling, or Q-in-Q. If you ever configured dot1q-tunneling on an EX-switch, this configuration differs a lot from what you may be used to. This article offers an attempt to clarify and explain the configuration of a dot1q-tunnel on a standalone QFX5100 without an enhanced feature license....
Juniper LDP, follow that label
This article explains how you can analyze the forwarding table on Junos.
In this lab, I altered several metrics to make the traffic flow look like this:
Juniper MPLS VPN basics.
For a little while now, I have been wanting to do a Juniper IP VPN lab. I wanted to gather most of the basics into one post. In this post, I will elaborate on the different protocols and how they are configured. The complete configuration is posted at the bottom...
Juniper QFX and storm control
Recently, I deployed a VCF consisting of some QFX5100s and some EX4300s. I found that the default configuration did not really protect the network well enough and I thought I’d share it in this post. On the QFX, you’ll find that storm-control is enabled by default. The first thing you'll...